Using positive tainting and syntax-aware evaluation to counter SQL injection attacks
Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
JavaScript instrumentation for browser security
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Defeating script injection attacks with browser-enforced embedded policies
Proceedings of the 16th international conference on World Wide Web
Sound and precise analysis of web applications for injection vulnerabilities
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Large-scale analysis of format string vulnerabilities in Debian Linux
Proceedings of the 2007 workshop on Programming languages and analysis for security
Using web application construction frameworks to protect against code injection attacks
Proceedings of the 2007 workshop on Programming languages and analysis for security
ABASH: finding bugs in bash scripts
Proceedings of the 2007 workshop on Programming languages and analysis for security
Preventing injection attacks with syntax embeddings
GPCE '07 Proceedings of the 6th international conference on Generative programming and component engineering
Secure web applications via automatic partitioning
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
CANDID: preventing sql injection attacks using dynamic candidate evaluations
Proceedings of the 14th ACM conference on Computer and communications security
Multi-module vulnerability analysis of web-based applications
Proceedings of the 14th ACM conference on Computer and communications security
Dynamic pharming attacks and locked same-origin policies for web browsers
Proceedings of the 14th ACM conference on Computer and communications security
SIF: enforcing confidentiality and integrity in web applications
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Static detection of cross-site scripting vulnerabilities
Proceedings of the 30th international conference on Software engineering
Detecting in-flight page changes with web tripwires
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Dynamic test input generation for web applications
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Finding bugs in dynamic web applications
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Spectator: detection and containment of JavaScript worms
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Symbolic String Verification: An Automata-Based Approach
SPIN '08 Proceedings of the 15th international workshop on Model Checking Software
Leveraging User Interactions for In-Depth Testing of Web Applications
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Building secure web applications with automatic partitioning
Communications of the ACM - Inspiring Women in Computing
Package upgrades in FOSS distributions: details and challenges
Proceedings of the 1st International Workshop on Hot Topics in Software Upgrades
Using static analysis for Ajax intrusion detection
Proceedings of the 18th international conference on World wide web
SQLProb: a proxy-based architecture towards preventing SQL injection attacks
Proceedings of the 2009 ACM symposium on Applied Computing
Symbolic String Verification: Combining String Analysis and Size Analysis
TACAS '09 Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
Lightweight self-protecting JavaScript
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Merlin: specification inference for explicit information flow problems
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
A decision procedure for subset constraints over regular languages
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Automatic creation of SQL Injection and cross-site scripting attacks
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Towards maintainer script modernization in FOSS distributions
Proceedings of the 1st international workshop on Open component ecosystems
Abstract Parsing: Static Analysis of Dynamically Generated String Output Using LR-Parsing Technology
SAS '09 Proceedings of the 16th International Symposium on Static Analysis
Improving application security with data flow assertions
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Ripley: automatically securing web 2.0 applications through replicated execution
Proceedings of the 16th ACM conference on Computer and communications security
XCS: cross channel scripting and its impact on web applications
Proceedings of the 16th ACM conference on Computer and communications security
Finding bugs in exceptional situations of JNI programs
Proceedings of the 16th ACM conference on Computer and communications security
A hybrid analysis framework for detecting web application vulnerabilities
IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
SWAP: Mitigating XSS attacks using a reverse proxy
IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
CANDID: Dynamic candidate evaluations for automatic prevention of SQL injection attacks
ACM Transactions on Information and System Security (TISSEC)
A solution for the automated detection of clickjacking attacks
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Preventing injection attacks with syntax embeddings
Science of Computer Programming
Swaddler: an approach for the anomaly-based detection of state violations in web applications
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Prevention of cross-site scripting attacks on current web applications
OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II
The emergence of cross channel scripting
Communications of the ACM
Client-side detection of XSS worms by monitoring payload propagation
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Static analysis for detecting taint-style vulnerabilities in web applications
Journal of Computer Security
Solving string constraints lazily
Proceedings of the IEEE/ACM international conference on Automated software engineering
Symbolic security analysis of ruby-on-rails web applications
Proceedings of the 17th ACM conference on Computer and communications security
Interprocedural analysis with lazy propagation
SAS'10 Proceedings of the 17th international conference on Static analysis
Locating need-to-translate constant strings in web applications
Proceedings of the eighteenth ACM SIGSOFT international symposium on Foundations of software engineering
Static checking of dynamically-varying security policies in database-backed applications
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Toward automated detection of logic vulnerabilities in web applications
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
VEX: vetting browser extensions for security vulnerabilities
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
WebAppArmor: a framework for robust prevention of attacks on web applications
ICISS'10 Proceedings of the 6th international conference on Information systems security
SessionShield: lightweight protection against session hijacking
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Code-motion for API migration: fixing SQL injection vulnerabilities in Java
Proceedings of the 4th Workshop on Refactoring Tools
Tainted flow analysis on e-SSA-form programs
CC'11/ETAPS'11 Proceedings of the 20th international conference on Compiler construction: part of the joint European conferences on theory and practice of software
Supporting software evolution in component-based FOSS systems
Science of Computer Programming
PHP Aspis: using partial taint tracking to protect against injection attacks
WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
Practical elimination of external interaction vulnerabilities in web applications
Journal of Web Engineering
Towards client-side HTML security policies
HotSec'11 Proceedings of the 6th USENIX conference on Hot topics in security
Fast and precise sanitizer analysis with BEK
SEC'11 Proceedings of the 20th USENIX conference on Security
Toward secure embedded web interfaces
SEC'11 Proceedings of the 20th USENIX conference on Security
Static detection of access control vulnerabilities in web applications
SEC'11 Proceedings of the 20th USENIX conference on Security
Checking enforcement of integrity constraints in database applications based on code patterns
Journal of Systems and Software
A systematic analysis of XSS sanitization in web application frameworks
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Context-sensitive auto-sanitization in web templating languages using type qualifiers
Proceedings of the 18th ACM conference on Computer and communications security
SCRIPTGARD: automatic context-sensitive sanitization for large-scale legacy web applications
Proceedings of the 18th ACM conference on Computer and communications security
RoleCast: finding missing security checks when you do not know what checks are
Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
Automated removal of cross site scripting vulnerabilities in web applications
Information and Software Technology
Automatically preparing safe SQL queries
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
SAFERPHP: finding semantic vulnerabilities in PHP applications
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
A survey on detection techniques to prevent cross-site scripting attacks on current web applications
CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security
Quo vadis? a study of the evolution of input validation vulnerabilities in web applications
FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
Mitigating program security vulnerabilities: Approaches and challenges
ACM Computing Surveys (CSUR)
Automated code injection prevention for web applications
TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
Auto-locating and fix-propagating for HTML validation errors to PHP server-side code
ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
An empirical analysis of input validation mechanisms in web applications and languages
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Static detection of resource contention problems in server-side scripts
Proceedings of the 34th International Conference on Software Engineering
Automated detection of client-state manipulation vulnerabilities
Proceedings of the 34th International Conference on Software Engineering
Proceedings of the 34th International Conference on Software Engineering
User-aware privacy control via extended static-information-flow analysis
Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering
Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering
Proceedings of the CUBE International Information Technology Conference
THAPS: automated vulnerability scanning of PHP applications
NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
Generalized vulnerability extrapolation using abstract syntax trees
Proceedings of the 28th Annual Computer Security Applications Conference
Towards fully automatic placement of security sanitizers and declassifiers
POPL '13 Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Technological assessment of e-government web presence in Nigeria
Proceedings of the 6th International Conference on Theory and Practice of Electronic Governance
Mining SQL injection and cross site scripting vulnerabilities using hybrid program analysis
Proceedings of the 2013 International Conference on Software Engineering
Analyzing and defending against web-based malware
ACM Computing Surveys (CSUR)
Information and Software Technology
25 million flows later: large-scale detection of DOM-based XSS
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
deDacota: toward preventing server-side XSS via automatic code and data separation
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
MetaSymploit: day-one defense against script-based attacks with security-enhanced symbolic analysis
SEC'13 Proceedings of the 22nd USENIX conference on Security
A survey on server-side approaches to securing web applications
ACM Computing Surveys (CSUR)
Efficient static checker for tainted variable attacks
Science of Computer Programming
Automata-based symbolic string analysis for vulnerability detection
Formal Methods in System Design
Simulating upgrades of complex systems: The case of Free and Open Source Software
Information and Software Technology
Automated detection of parameter tampering opportunities and vulnerabilities in web applications
Journal of Computer Security
Building web applications on top of encrypted data using Mylar
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
We present a static analysis algorithm for detecting security vulnerabilities in PHP, a popular server-side scripting language for building web applications. Our analysis employs a novel three-tier architecture to capture information at decreasing levels of granularity at the intrablock, intraprocedural, and interprocedural level. This architecture enables us to handle dynamic features of scripting languages that have not been adequately addressed by previous techniques. We demonstrate the effectiveness of our approach on six popular open source PHP code bases, finding 105 previously unknown security vulnerabilities, most of which we believe are remotely exploitable.